NT Based Web Security by wuzhengqin


									Windows NT Based
  Web Security

     COSC 573

    By: Ying Li
 Basic Concepts of Windows NT
• Advantages
  – User-friendly graphic front end
  – Point-and-click configuration
  – Excellent software development tools
• Disadvantages
  – Relative newcomer to the Internet
  – A variety of security problems
Basic Concepts of Windows NT
• Windows NT Server vs. NT Workstation
  – Windows NT Server:
    • More expensive
    • has complete functionality
    • can coordinate the activities of other machines,
      provide remote access services, run Windows name
      resolution, and host the Internet Information Server
Basic Concepts of Windows NT (cont’)
– Windows NT Workstation
  • a water-down version of the Server product
  • with most of the server functions disabled
     – Microsoft Internet Information Server runs only on NT
     – However, Web servers from other vendors run with the
       Workstation version of operating system, as well

 From the point of view of system security, the
 main difference between the two flavors is that
 NT Workstation comes with an undesirably
 permissive configuration, while NT Server is
 Windows NT Security Risks
In theory, the Windows NT system of access control lists,
domains, and trust relationships provides a high level of
security. In practice, many NT server on the Internet are
not secure.

              How can this be?
Widespread Misconfiguration Problems

• An out-of-the-box Windows NT Workstation
  installation is not secure.
  – Most of the system’s files and directories are read/write
    by Everyone, which means that any local user can
    tamper with the system to his heart’s content.
  – Because of the strange properties of the built-in
    Everyone group, there are a variety of ways for
    unidentified Internet users to view and /or alter the
    system, as well.
  Widespread Misconfiguration Problems (Cont’)

• Windows NT Server, in contrast, has a more
  reasonable set of default permissions when first
• However, it still contains gaps in its configuration
  that allow for unwanted mischief.
• In practice, many Windows NT Servers are not
  installed from scratch but are upgraded from
  previous versions of Windows NT or from
  Windows 95. In such cases, the access control lists
  are probably at their least restrictive setting.
  Widespread Misconfiguration Problems (Cont’)

• An Additional problem for Windows NT:
  Windows NT actually supports two different file
  systems: FAT and NTFS. Only NTFS provides
  access control lists. Machines that use an FAT file
  system have no file protection.
  Vulnerability to NetBIOS Attacks
• Concept: Windows NT uses a family of
  networking protocols, known collectively as
  “NetBIOS,” to provide Windows file sharing,
  network printing, and remote system
• NetBIOS is network-independent. However,
  NetBIOS was designed with a local area network
  in mind, not large networks like the Internet.
• For this reason, it has certain vulnerabilities.
            NetBIOS Vulnerability
• Information leakage
   – NetBIOS will advertise information about a system’s shared
     volumes, workgroup name, domain name and machine name
     without requiring the remote machine or user to authenticate
• Client-Controlled fallback to weaker authentication
   – In order to be compatible with less-capable operating systems,
     such as Windows for Workgroups, and Windows 95, NetBIOS will
     fall back to weaker authentication when a remote client requests it.
• Anonymous log-in
   – NetBIOS allows a limited form of anonymous, unauthenticated
     log-in. Designed to allow machines on the local area network to
     exchange information about themselves, this loophole has been
     used by would-be intruders to gain access to sensitive parts of the
     system, such as the registry.
Securing a Windows NT Web Server
1 Apply all service patches
2 Fix the file system permissions
3 Fix the registry access permissions
4 Remove or disable all extraneous network services
5 Add the minimum number of user accounts necessary to
  maintain the server
6 Install the server software and adjust file and directory
  permissions to restrict unnecessary access
7 Remove or disable unnecessary Web server features, CGI
  scripts, and extensions
8 Monitor system and server log files
  Apply All Service Packs and Updates
• Microsoft releases operating system patches
  called “service packs” at regular intervals
• These service packs contain patches for
  known security holes in the operating
  system, as well as other bug fixes and
  feature enhancements
• Back up your system if it has any valuable
  data on it
    Fix the File System and Registry Permissions
• After applying operating system patches, the next step is
  to check and adjust the file system and registry
• To get the benefit of file system permissions, you must
  have formatted Windows NT disk partition as NTFS
• For fixing the file system, you should log into the
  system as Administrator and use the Properties ->
  Security -> Permissions window to change the access
  control lists
• For fixing the registry, like the file system, the keys and
  values of the Windows registry are protected by access
  control lists
An Example

Owner                         Administrator
Change contents too           Files and subdirectories
Administrators                Full control
SYSTEM                        Full control
Users                         Read
Rationale: These two directories contain common
  preferences shared by all users. Users can view the defaults
  but not change them
           User Rights Policies
• The Windows NT User Manager program
  establishes certain global user rights. Some
  of the rights on a default installation are
  inappropriate for Web server machines;
  others are simply accident prone. To change
  these rights, select Policies-> User Rights…
  in the User Manager program to bring up
  the User Rights Policy
    Install Web Server Software
• If the software isn’t already preinstalled, go
  ahead and install it by running whatever
  install program the vendor provides.
• The main task at this point is to tune the
  directory permissions so that authorized
  users can make changes to the Web tree
  without having to become full administrator
  to do so
        Turn off Unnecessary Features
• Microsoft IIS and other servers support a few
  optional features that potentially can be used by
  unscrupulous individuals to gain information
  about your system. Unless you really need these
  features, you should turn them off.
   –   Directory Browsing
   –   Read-Access to the Scripts Directory
   –   Execute-Access to Non-Scripts Directories
   –   Active Server Pages
Monitor the Web Server and Event Logs

• Both the Web server and Windows NT
  itself are capable of performing extensive
  logging. Although the Web server logs are
  turned on by default, NT event logging
  (“auditing”) is turned off. It is
  recommended to enable it.
      Create a Backup System
• A recent and complete system-wide backup
  is essential for recovering from a break-in
• Even if your system isn’t broken into, a
  backup will allow you to recover from
  disasters, ranging from hard disk crash to
  the accidental deletion of an essential file

To top